From 9835b4fde17526e18237f7adfa935f13cd5eb0a7 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 2 Jun 2008 11:02:37 +1000 Subject: fixed a warning (This used to be commit 7a8ee50105265a4da1f2b89144094f2269c6b119) --- source4/lib/torture/torture.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/lib') diff --git a/source4/lib/torture/torture.h b/source4/lib/torture/torture.h index 15b04c2397..f023f319ff 100644 --- a/source4/lib/torture/torture.h +++ b/source4/lib/torture/torture.h @@ -257,7 +257,7 @@ void torture_result(struct torture_context *test, do { const void *__got = (got), *__expected = (expected); \ if (memcmp(__got, __expected, len) != 0) { \ torture_result(torture_ctx, TORTURE_FAIL, \ - __location__": "#got" of len %d did not match"#expected": %s", len, cmt); \ + __location__": "#got" of len %d did not match"#expected": %s", (int)len, cmt); \ return false; \ } \ } while(0) -- cgit From 7c926ff1150133127c73b9b46d82524f57b3c616 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 3 Jun 2008 14:29:27 +1000 Subject: SMB2 signing now works. The spec was wrong (and will be fixed in the next version) (This used to be commit 436cb17b869e2d6cc57936ccc5e81680fb992341) --- source4/lib/crypto/config.mk | 2 +- source4/lib/crypto/crypto.h | 2 + source4/lib/crypto/hmacsha256.c | 92 +++++++++++++++++++++++++++++++++++++++++ source4/lib/crypto/hmacsha256.h | 38 +++++++++++++++++ 4 files changed, 133 insertions(+), 1 deletion(-) create mode 100644 source4/lib/crypto/hmacsha256.c create mode 100644 source4/lib/crypto/hmacsha256.h (limited to 'source4/lib') diff --git a/source4/lib/crypto/config.mk b/source4/lib/crypto/config.mk index b9a7f7cb9e..fb1c1bf6ce 100644 --- a/source4/lib/crypto/config.mk +++ b/source4/lib/crypto/config.mk @@ -6,7 +6,7 @@ LIBCRYPTO_OBJ_FILES = $(addprefix $(libcryptosrcdir)/, \ crc32.o md5.o hmacmd5.o md4.o \ - arcfour.o sha1.o hmacsha1.o) + arcfour.o sha1.o hmacsha1.o hmacsha256.o) [MODULE::TORTURE_LIBCRYPTO] diff --git a/source4/lib/crypto/crypto.h b/source4/lib/crypto/crypto.h index 10e2258fa7..03a233ec98 100644 --- a/source4/lib/crypto/crypto.h +++ b/source4/lib/crypto/crypto.h @@ -23,6 +23,8 @@ #include "lib/crypto/hmacmd5.h" #include "lib/crypto/sha1.h" #include "lib/crypto/hmacsha1.h" +#include "heimdal/lib/hcrypto/sha.h" +#include "lib/crypto/hmacsha256.h" struct arcfour_state { uint8_t sbox[256]; diff --git a/source4/lib/crypto/hmacsha256.c b/source4/lib/crypto/hmacsha256.c new file mode 100644 index 0000000000..5503bdd59b --- /dev/null +++ b/source4/lib/crypto/hmacsha256.c @@ -0,0 +1,92 @@ +/* + Unix SMB/CIFS implementation. + + Interface header: HMAC SHA-256 code + + Copyright (C) Andrew Tridgell 2008 + + based in hmacsha1.c which is: + Copyright (C) Stefan Metzmacher + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +/* + taken direct from rfc2202 implementation and modified for suitable use + */ + +#include "includes.h" +#include "lib/crypto/crypto.h" +#include "heimdal/lib/hcrypto/sha.h" + +/*********************************************************************** + the rfc 2104/2202 version of hmac_sha256 initialisation. +***********************************************************************/ +_PUBLIC_ void hmac_sha256_init(const uint8_t *key, size_t key_len, struct HMACSHA256Context *ctx) +{ + int i; + uint8_t tk[SHA256_DIGEST_LENGTH]; + + /* if key is longer than 64 bytes reset it to key=HASH(key) */ + if (key_len > 64) + { + SHA256_CTX tctx; + + SHA256_Init(&tctx); + SHA256_Update(&tctx, key, key_len); + SHA256_Final(tk, &tctx); + + key = tk; + key_len = SHA256_DIGEST_LENGTH; + } + + /* start out by storing key in pads */ + ZERO_STRUCT(ctx->k_ipad); + ZERO_STRUCT(ctx->k_opad); + memcpy( ctx->k_ipad, key, key_len); + memcpy( ctx->k_opad, key, key_len); + + /* XOR key with ipad and opad values */ + for (i=0; i<64; i++) + { + ctx->k_ipad[i] ^= 0x36; + ctx->k_opad[i] ^= 0x5c; + } + + SHA256_Init(&ctx->ctx); + SHA256_Update(&ctx->ctx, ctx->k_ipad, 64); +} + +/*********************************************************************** + update hmac_sha256 "inner" buffer +***********************************************************************/ +_PUBLIC_ void hmac_sha256_update(const uint8_t *data, size_t data_len, struct HMACSHA256Context *ctx) +{ + SHA256_Update(&ctx->ctx, data, data_len); /* then text of datagram */ +} + +/*********************************************************************** + finish off hmac_sha256 "inner" buffer and generate outer one. +***********************************************************************/ +_PUBLIC_ void hmac_sha256_final(uint8_t digest[SHA256_DIGEST_LENGTH], struct HMACSHA256Context *ctx) +{ + SHA256_CTX ctx_o; + + SHA256_Final(digest, &ctx->ctx); + + SHA256_Init(&ctx_o); + SHA256_Update(&ctx_o, ctx->k_opad, 64); + SHA256_Update(&ctx_o, digest, SHA256_DIGEST_LENGTH); + SHA256_Final(digest, &ctx_o); +} diff --git a/source4/lib/crypto/hmacsha256.h b/source4/lib/crypto/hmacsha256.h new file mode 100644 index 0000000000..8960c636c1 --- /dev/null +++ b/source4/lib/crypto/hmacsha256.h @@ -0,0 +1,38 @@ +/* + Unix SMB/CIFS implementation. + + Interface header: HMAC SHA256 code + + Copyright (C) Andrew Tridgell 2008 + + based on hmacsha1.h which is: + + Copyright (C) Stefan Metzmacher 2006 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#ifndef _HMAC_SHA256_H + +struct HMACSHA256Context { + SHA256_CTX ctx; + uint8_t k_ipad[65]; + uint8_t k_opad[65]; +}; + +void hmac_sha256_init(const uint8_t *key, size_t key_len, struct HMACSHA256Context *ctx); +void hmac_sha256_update(const uint8_t *data, size_t data_len, struct HMACSHA256Context *ctx); +void hmac_sha256_final(uint8_t digest[20], struct HMACSHA256Context *ctx); + +#endif /* _HMAC_SHA256_H */ -- cgit From 446748bfe1f06d0900e44fe8acafdf856d54486e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 3 Jun 2008 23:27:22 +1000 Subject: Align the Python and EJS ldap tests. We should now (need to review and compare them once more) be able to remove ldap.js (and once samba3sam.js is done, smbscript). Andrew Bartlett (This used to be commit f65e43e9456e8e951d172779cba53ab417114b20) --- source4/lib/ldb/tests/python/ldap.py | 196 +++++++++++++++++++++++++++-------- 1 file changed, 151 insertions(+), 45 deletions(-) (limited to 'source4/lib') diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py index c76222c207..aba9581ec5 100755 --- a/source4/lib/ldb/tests/python/ldap.py +++ b/source4/lib/ldb/tests/python/ldap.py @@ -14,7 +14,7 @@ from samba.auth import system_session from ldb import (SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError, LDB_ERR_NO_SUCH_OBJECT, LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS, LDB_ERR_ENTRY_ALREADY_EXISTS, LDB_ERR_UNWILLING_TO_PERFORM, - LDB_ERR_NOT_ALLOWED_ON_NON_LEAF, LDB_ERR_OTHER) + LDB_ERR_NOT_ALLOWED_ON_NON_LEAF, LDB_ERR_OTHER, LDB_ERR_INVALID_DN_SYNTAX) from samba import Ldb from subunit import SubunitTestRunner from samba import param @@ -115,6 +115,86 @@ class BasicTests(unittest.TestCase): "userAccountControl": "4096", "displayname": "ldap testy"}) + self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn) + try: + ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn, + "objectClass": "computer", + "cn": "LDAPtest2COMPUTER" + }) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, LDB_ERR_INVALID_DN_SYNTAX) + + self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn) + try: + ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn, + "objectClass": "computer", + "cn": "ldaptestcomputer3", + "sAMAccountType": "805306368" + }) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, LDB_ERR_UNWILLING_TO_PERFORM) + + self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn) + try: + ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn, + "objectClass": "computer", + "cn": "ldaptestcomputer3", + "userAccountControl": "0" + }) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, LDB_ERR_UNWILLING_TO_PERFORM) + + self.delete_force(self.ldb, "cn=ldaptestuser7,cn=users," + self.base_dn) + try: + ldb.add({"dn": "cn=ldaptestuser7,cn=users," + self.base_dn, + "objectClass": "user", + "cn": "LDAPtestuser7", + "userAccountControl": "0" + }) + self.fail() + except LdbError, (num, _): + self.assertEquals(num, LDB_ERR_UNWILLING_TO_PERFORM) + + self.delete_force(self.ldb, "cn=ldaptestuser7,cn=users," + self.base_dn) + + ldb.add({"dn": "cn=ldaptestuser7,cn=users," + self.base_dn, + "objectClass": "user", + "cn": "LDAPtestuser7", + "userAccountControl": "2" + }) + + self.delete_force(self.ldb, "cn=ldaptestuser7,cn=users," + self.base_dn) + + self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn) + ldb.add({"dn": "cn=ldaptestcomputer3,cn=computers," + self.base_dn, + "objectClass": "computer", + "cn": "LDAPtestCOMPUTER3" + }) + + print "Testing ldb.search for (&(cn=ldaptestcomputer3)(objectClass=user))"; + res = ldb.search(self.base_dn, expression="(&(cn=ldaptestcomputer3)(objectClass=user))"); + self.assertEquals(len(res), 1, "Found only %d for (&(cn=ldaptestcomputer3)(objectClass=user))" % len(res)) + + self.assertEquals(str(res[0].dn), ("CN=ldaptestcomputer3,CN=Computers," + self.base_dn)); + self.assertEquals(res[0]["cn"][0], "ldaptestcomputer3"); + self.assertEquals(res[0]["name"][0], "ldaptestcomputer3"); + self.assertEquals(res[0]["objectClass"][0], "top"); + self.assertEquals(res[0]["objectClass"][1], "person"); + self.assertEquals(res[0]["objectClass"][2], "organizationalPerson"); + self.assertEquals(res[0]["objectClass"][3], "user"); + self.assertEquals(res[0]["objectClass"][4], "computer"); + self.assertTrue("objectGUID" in res[0]) + self.assertTrue("whenCreated" in res[0]) + self.assertEquals(res[0]["objectCategory"][0], ("CN=Computer,CN=Schema,CN=Configuration," + self.base_dn)); + self.assertEquals(int(res[0]["primaryGroupID"][0]), 513); + self.assertEquals(int(res[0]["sAMAccountType"][0]), 805306368); + self.assertEquals(int(res[0]["userAccountControl"][0]), 546); + + self.delete_force(self.ldb, "cn=ldaptestcomputer3,cn=computers," + self.base_dn) + print "Testing attribute or value exists behaviour" try: ldb.modify_ldif(""" @@ -125,34 +205,36 @@ servicePrincipalName: host/ldaptest2computer servicePrincipalName: host/ldaptest2computer servicePrincipalName: cifs/ldaptest2computer """) + self.fail() except LdbError, (num, msg): self.assertEquals(num, LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS) - ldb.modify_ldif(""" + ldb.modify_ldif(""" dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """ changetype: modify replace: servicePrincipalName servicePrincipalName: host/ldaptest2computer servicePrincipalName: cifs/ldaptest2computer """) - try: - ldb.modify_ldif(""" + try: + ldb.modify_ldif(""" dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """ changetype: modify add: servicePrincipalName servicePrincipalName: host/ldaptest2computer """) - except LdbError, (num, msg): - self.assertEquals(num, LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS) - - print "Testing ranged results" - ldb.modify_ldif(""" + self.fail() + except LdbError, (num, msg): + self.assertEquals(num, LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS) + + print "Testing ranged results" + ldb.modify_ldif(""" dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """ changetype: modify replace: servicePrincipalName """) - ldb.modify_ldif(""" + ldb.modify_ldif(""" dn: cn=ldaptest2computer,cn=computers,""" + self.base_dn + """ changetype: modify add: servicePrincipalName @@ -188,53 +270,53 @@ servicePrincipalName: host/ldaptest2computer28 servicePrincipalName: host/ldaptest2computer29 """) - res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, - attrs=["servicePrincipalName;range=0-*"]) - self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)") - #print len(res[0]["servicePrincipalName;range=0-*"]) - self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30) + res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, + attrs=["servicePrincipalName;range=0-*"]) + self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)") + #print len(res[0]["servicePrincipalName;range=0-*"]) + self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30) - res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-19"]) - self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)") + res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-19"]) + self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)") # print res[0]["servicePrincipalName;range=0-19"].length - self.assertEquals(len(res[0]["servicePrincipalName;range=0-19"]), 20) + self.assertEquals(len(res[0]["servicePrincipalName;range=0-19"]), 20) - res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-30"]) - self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)") - self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30) + res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-30"]) + self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)") + self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30) - res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-40"]) - self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)") - self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30) + res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=0-40"]) + self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)") + self.assertEquals(len(res[0]["servicePrincipalName;range=0-*"]), 30) - res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=30-40"]) - self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)") - self.assertEquals(len(res[0]["servicePrincipalName;range=30-*"]), 0) + res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=30-40"]) + self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)") + self.assertEquals(len(res[0]["servicePrincipalName;range=30-*"]), 0) - res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=10-40"]) - self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)") - self.assertEquals(len(res[0]["servicePrincipalName;range=10-*"]), 20) - # pos_11 = res[0]["servicePrincipalName;range=10-*"][18] - - res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-40"]) - self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)") - self.assertEquals(len(res[0]["servicePrincipalName;range=11-*"]), 19) + res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=10-40"]) + self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)") + self.assertEquals(len(res[0]["servicePrincipalName;range=10-*"]), 20) + # pos_11 = res[0]["servicePrincipalName;range=10-*"][18] + + res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-40"]) + self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)") + self.assertEquals(len(res[0]["servicePrincipalName;range=11-*"]), 19) # print res[0]["servicePrincipalName;range=11-*"][18] # print pos_11 # self.assertEquals((res[0]["servicePrincipalName;range=11-*"][18]), pos_11) - res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-15"]) - self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)") - self.assertEquals(len(res[0]["servicePrincipalName;range=11-15"]), 5) + res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName;range=11-15"]) + self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)") + self.assertEquals(len(res[0]["servicePrincipalName;range=11-15"]), 5) # self.assertEquals(res[0]["servicePrincipalName;range=11-15"][4], pos_11) - res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName"]) - self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)") + res = ldb.search(self.base_dn, expression="(cn=ldaptest2computer))", scope=SCOPE_SUBTREE, attrs=["servicePrincipalName"]) + self.assertEquals(len(res), 1, "Could not find (cn=ldaptest2computer)") # print res[0]["servicePrincipalName"][18] # print pos_11 - self.assertEquals(len(res[0]["servicePrincipalName"]), 30) + self.assertEquals(len(res[0]["servicePrincipalName"]), 30) # self.assertEquals(res[0]["servicePrincipalName"][18], pos_11) self.delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn) @@ -322,6 +404,10 @@ servicePrincipalName: host/ldaptest2computer29 res = ldb.search(expression="(&(anr=not ldap user2)(objectClass=user))") self.assertEquals(len(res), 0, "Must not find (&(anr=not ldap user2)(objectClass=user))") + # Testing ldb.search for (&(anr="testy ldap")(objectClass=user)) (ie, with quotes) + res = ldb.search(expression="(&(anr==\"testy ldap\")(objectClass=user))") + self.assertEquals(len(res), 0, "Found (&(anr==\"testy ldap\")(objectClass=user))") + print "Testing Group Modifies" ldb.modify_ldif(""" dn: cn=ldaptestgroup,cn=users,""" + self.base_dn + """ @@ -361,6 +447,26 @@ member: cn=ldaptestuser3,cn=users,""" + self.base_dn + """ self.assertEquals(res[0]["cn"], "ldaptestUSER3") self.assertEquals(res[0]["name"], "ldaptestUSER3") + #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))" + res = ldb.search(expression="(&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))") + self.assertEquals(len(res), 1, "(&(&(cn=ldaptestuser3)(userAccountControl=*))(objectClass=user))") + + self.assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn)) + self.assertEquals(res[0]["cn"], "ldaptestUSER3") + self.assertEquals(res[0]["name"], "ldaptestUSER3") + + #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))" + res = ldb.search(expression="(&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))") + self.assertEquals(len(res), 1, "(&(&(cn=ldaptestuser3)(userAccountControl=546))(objectClass=user))") + + self.assertEquals(str(res[0].dn), ("CN=ldaptestUSER3,CN=Users," + self.base_dn)) + self.assertEquals(res[0]["cn"], "ldaptestUSER3") + self.assertEquals(res[0]["name"], "ldaptestUSER3") + + #"Testing ldb.search for (&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))" + res = ldb.search(expression="(&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))") + self.assertEquals(len(res), 0, "(&(&(cn=ldaptestuser3)(userAccountControl=547))(objectClass=user))") + # This is a Samba special, and does not exist in real AD # print "Testing ldb.search for (dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")" # res = ldb.search("(dn=CN=ldaptestUSER3,CN=Users," + self.base_dn + ")") @@ -534,7 +640,7 @@ member: cn=ldaptestuser4,cn=ldaptestcontainer,""" + self.base_dn + """ self.assertTrue("whenCreated" in res[0]) self.assertEquals(res[0]["objectCategory"], ("CN=Person,CN=Schema,CN=Configuration," + self.base_dn)) self.assertEquals(int(res[0]["sAMAccountType"][0]), 805306368) - # self.assertEquals(res[0].userAccountControl, 546) + self.assertEquals(int(res[0]["userAccountControl"][0]), 546) self.assertEquals(res[0]["memberOf"][0], ("CN=ldaptestgroup2,CN=Users," + self.base_dn)) self.assertEquals(len(res[0]["memberOf"]), 1) @@ -578,8 +684,8 @@ member: cn=ldaptestuser4,cn=ldaptestcontainer,""" + self.base_dn + """ self.assertTrue("whenCreated" in res[0]) self.assertEquals(res[0]["objectCategory"], ("CN=Computer,CN=Schema,CN=Configuration," + self.base_dn)) self.assertEquals(int(res[0]["primaryGroupID"][0]), 513) - # self.assertEquals(res[0].sAMAccountType, 805306368) - # self.assertEquals(res[0].userAccountControl, 546) + self.assertEquals(int(res[0]["sAMAccountType"][0]), 805306368) + self.assertEquals(int(res[0]["userAccountControl"][0]), 546) self.assertEquals(res[0]["memberOf"][0], "CN=ldaptestgroup2,CN=Users," + self.base_dn) self.assertEquals(len(res[0]["memberOf"]), 1) @@ -641,7 +747,7 @@ member: cn=ldaptestuser4,cn=ldaptestcontainer,""" + self.base_dn + """ self.assertTrue("whenCreated" in res[0]) self.assertEquals(res[0]["objectCategory"][0], "CN=Computer,CN=Schema,CN=Configuration," + self.base_dn) self.assertEquals(int(res[0]["sAMAccountType"][0]), 805306369) - # self.assertEquals(res[0].userAccountControl, 4098) + self.assertEquals(int(res[0]["userAccountControl"][0]), 4096) ldb.delete(res[0].dn) -- cgit From 869991385827d14f4e55729e4d56a80eccf9fdec Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 4 Jun 2008 08:54:42 +0200 Subject: lib/crypto: remove unused sha1 and hmac-sha1 code metze (This used to be commit 2c8904be3bac2c696712cc3160fe95d62afde43a) --- source4/lib/crypto/config.mk | 4 +- source4/lib/crypto/crypto.h | 2 - source4/lib/crypto/hmacsha1.c | 86 --------- source4/lib/crypto/hmacsha1.h | 33 ---- source4/lib/crypto/hmacsha1test.c | 97 ---------- source4/lib/crypto/sha1.c | 390 -------------------------------------- source4/lib/crypto/sha1.h | 62 ------ source4/lib/crypto/sha1test.c | 110 ----------- 8 files changed, 2 insertions(+), 782 deletions(-) delete mode 100644 source4/lib/crypto/hmacsha1.c delete mode 100644 source4/lib/crypto/hmacsha1.h delete mode 100644 source4/lib/crypto/hmacsha1test.c delete mode 100644 source4/lib/crypto/sha1.c delete mode 100644 source4/lib/crypto/sha1.h delete mode 100644 source4/lib/crypto/sha1test.c (limited to 'source4/lib') diff --git a/source4/lib/crypto/config.mk b/source4/lib/crypto/config.mk index b9a7f7cb9e..f771a0e306 100644 --- a/source4/lib/crypto/config.mk +++ b/source4/lib/crypto/config.mk @@ -6,7 +6,7 @@ LIBCRYPTO_OBJ_FILES = $(addprefix $(libcryptosrcdir)/, \ crc32.o md5.o hmacmd5.o md4.o \ - arcfour.o sha1.o hmacsha1.o) + arcfour.o) [MODULE::TORTURE_LIBCRYPTO] @@ -14,6 +14,6 @@ SUBSYSTEM = smbtorture PRIVATE_DEPENDENCIES = LIBCRYPTO TORTURE_LIBCRYPTO_OBJ_FILES = $(addprefix $(libcryptosrcdir)/, \ - md4test.o md5test.o hmacmd5test.o sha1test.o hmacsha1test.o) + md4test.o md5test.o hmacmd5test.o) $(eval $(call proto_header_template,$(libcryptosrcdir)/test_proto.h,$(TORTURE_LIBCRYPTO_OBJ_FILES:.o=.c))) diff --git a/source4/lib/crypto/crypto.h b/source4/lib/crypto/crypto.h index 10e2258fa7..513ae788de 100644 --- a/source4/lib/crypto/crypto.h +++ b/source4/lib/crypto/crypto.h @@ -21,8 +21,6 @@ #include "lib/crypto/md4.h" #include "lib/crypto/md5.h" #include "lib/crypto/hmacmd5.h" -#include "lib/crypto/sha1.h" -#include "lib/crypto/hmacsha1.h" struct arcfour_state { uint8_t sbox[256]; diff --git a/source4/lib/crypto/hmacsha1.c b/source4/lib/crypto/hmacsha1.c deleted file mode 100644 index 21ce966f60..0000000000 --- a/source4/lib/crypto/hmacsha1.c +++ /dev/null @@ -1,86 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Interface header: HMAC SHA-1 code - Copyright (C) Stefan Metzmacher - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -/* - taken direct from rfc2202 implementation and modified for suitable use - */ - -#include "includes.h" -#include "lib/crypto/crypto.h" - -/*********************************************************************** - the rfc 2104/2202 version of hmac_sha1 initialisation. -***********************************************************************/ -_PUBLIC_ void hmac_sha1_init(const uint8_t *key, size_t key_len, struct HMACSHA1Context *ctx) -{ - int i; - uint8_t tk[SHA1HashSize]; - - /* if key is longer than 64 bytes reset it to key=MD5(key) */ - if (key_len > 64) - { - struct SHA1Context tctx; - - SHA1Init(&tctx); - SHA1Update(&tctx, key, key_len); - SHA1Final(tk, &tctx); - - key = tk; - key_len = SHA1HashSize; - } - - /* start out by storing key in pads */ - ZERO_STRUCT(ctx->k_ipad); - ZERO_STRUCT(ctx->k_opad); - memcpy( ctx->k_ipad, key, key_len); - memcpy( ctx->k_opad, key, key_len); - - /* XOR key with ipad and opad values */ - for (i=0; i<64; i++) - { - ctx->k_ipad[i] ^= 0x36; - ctx->k_opad[i] ^= 0x5c; - } - - SHA1Init(&ctx->ctx); - SHA1Update(&ctx->ctx, ctx->k_ipad, 64); -} - -/*********************************************************************** - update hmac_sha1 "inner" buffer -***********************************************************************/ -_PUBLIC_ void hmac_sha1_update(const uint8_t *data, size_t data_len, struct HMACSHA1Context *ctx) -{ - SHA1Update(&ctx->ctx, data, data_len); /* then text of datagram */ -} - -/*********************************************************************** - finish off hmac_sha1 "inner" buffer and generate outer one. -***********************************************************************/ -_PUBLIC_ void hmac_sha1_final(uint8_t digest[SHA1HashSize], struct HMACSHA1Context *ctx) -{ - struct SHA1Context ctx_o; - - SHA1Final(digest, &ctx->ctx); - - SHA1Init(&ctx_o); - SHA1Update(&ctx_o, ctx->k_opad, 64); - SHA1Update(&ctx_o, digest, SHA1HashSize); - SHA1Final(digest, &ctx_o); -} diff --git a/source4/lib/crypto/hmacsha1.h b/source4/lib/crypto/hmacsha1.h deleted file mode 100644 index 0638c66d53..0000000000 --- a/source4/lib/crypto/hmacsha1.h +++ /dev/null @@ -1,33 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Interface header: HMAC SHA1 code - Copyright (C) Stefan Metzmacher 2006 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#ifndef _HMAC_SHA1_H - -struct HMACSHA1Context { - struct SHA1Context ctx; - uint8_t k_ipad[65]; - uint8_t k_opad[65]; - -}; - -void hmac_sha1_init(const uint8_t *key, size_t key_len, struct HMACSHA1Context *ctx); -void hmac_sha1_update(const uint8_t *data, size_t data_len, struct HMACSHA1Context *ctx); -void hmac_sha1_final(uint8_t digest[20], struct HMACSHA1Context *ctx); - -#endif /* _HMAC_SHA1_H */ diff --git a/source4/lib/crypto/hmacsha1test.c b/source4/lib/crypto/hmacsha1test.c deleted file mode 100644 index 6e53124d21..0000000000 --- a/source4/lib/crypto/hmacsha1test.c +++ /dev/null @@ -1,97 +0,0 @@ -/* - Unix SMB/CIFS implementation. - HMAC SHA-1 tests - Copyright (C) Stefan Metzmacher - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ -#include "includes.h" -#include "lib/crypto/crypto.h" - -struct torture_context; - -static DATA_BLOB data_blob_repeat_byte(uint8_t byte, size_t length) -{ - DATA_BLOB b = data_blob(NULL, length); - memset(b.data, byte, length); - return b; -} - -/* - This uses the test values from rfc2202 -*/ -bool torture_local_crypto_hmacsha1(struct torture_context *torture) -{ - bool ret = true; - uint32_t i; - struct { - DATA_BLOB key; - DATA_BLOB data; - DATA_BLOB sha1; - } testarray[7]; - - testarray[0].key = data_blob_repeat_byte(0x0b, 20); - testarray[0].data = data_blob_string_const("Hi There"); - testarray[0].sha1 = strhex_to_data_blob("b617318655057264e28bc0b6fb378c8ef146be00"); - - testarray[1].key = data_blob_string_const("Jefe"); - testarray[1].data = data_blob_string_const("what do ya want for nothing?"); - testarray[1].sha1 = strhex_to_data_blob("effcdf6ae5eb2fa2d27416d5f184df9c259a7c79"); - - testarray[2].key = data_blob_repeat_byte(0xaa, 20); - testarray[2].data = data_blob_repeat_byte(0xdd, 50); - testarray[2].sha1 = strhex_to_data_blob("125d7342b9ac11cd91a39af48aa17b4f63f175d3"); - - testarray[3].key = strhex_to_data_blob("0102030405060708090a0b0c0d0e0f10111213141516171819"); - testarray[3].data = data_blob_repeat_byte(0xcd, 50); - testarray[3].sha1 = strhex_to_data_blob("4c9007f4026250c6bc8414f9bf50c86c2d7235da"); - - testarray[4].key = data_blob_repeat_byte(0x0c, 20); - testarray[4].data = data_blob_string_const("Test With Truncation"); - testarray[4].sha1 = strhex_to_data_blob("4c1a03424b55e07fe7f27be1d58bb9324a9a5a04"); - /* sha1-96 = 0x4c1a03424b55e07fe7f27be1 */ - - testarray[5].key = data_blob_repeat_byte(0xaa, 80); - testarray[5].data = data_blob_string_const("Test Using Larger Than Block-Size Key - Hash Key First"); - testarray[5].sha1 = strhex_to_data_blob("aa4ae5e15272d00e95705637ce8a3b55ed402112"); - - testarray[6].key = data_blob_repeat_byte(0xaa, 80); - testarray[6].data = data_blob_string_const("Test Using Larger Than Block-Size Key " - "and Larger Than One Block-Size Data"); - testarray[6].sha1 = strhex_to_data_blob("e8e99d0f45237d786d6bbaa7965c7808bbff1a91"); - - for (i=0; i < ARRAY_SIZE(testarray); i++) { - struct HMACSHA1Context ctx; - uint8_t sha1[SHA1HashSize]; - int e; - - hmac_sha1_init(testarray[i].key.data, testarray[i].key.length, &ctx); - hmac_sha1_update(testarray[i].data.data, testarray[i].data.length, &ctx); - hmac_sha1_final(sha1, &ctx); - - e = memcmp(testarray[i].sha1.data, - sha1, - MIN(testarray[i].sha1.length, sizeof(sha1))); - if (e != 0) { - printf("hmacsha1 test[%u]: failed\n", i); - dump_data(0, testarray[i].key.data, testarray[i].key.length); - dump_data(0, testarray[i].data.data, testarray[i].data.length); - dump_data(0, testarray[i].sha1.data, testarray[i].sha1.length); - dump_data(0, sha1, sizeof(sha1)); - ret = false; - } - } - - return ret; -} diff --git a/source4/lib/crypto/sha1.c b/source4/lib/crypto/sha1.c deleted file mode 100644 index 1b91f8a949..0000000000 --- a/source4/lib/crypto/sha1.c +++ /dev/null @@ -1,390 +0,0 @@ -/* - This file contains the reference implementation of SHA-1 - from http://www.ietf.org/rfc/rfc3174.txt -*/ -/* - * sha1.c - * - * Description: - * This file implements the Secure Hashing Algorithm 1 as - * defined in FIPS PUB 180-1 published April 17, 1995. - * - * The SHA-1, produces a 160-bit message digest for a given - * data stream. It should take about 2**n steps to find a - * message with the same digest as a given message and - * 2**(n/2) to find any two messages with the same digest, - * when n is the digest size in bits. Therefore, this - * algorithm can serve as a means of providing a - * "fingerprint" for a message. - * - * Portability Issues: - * SHA-1 is defined in terms of 32-bit "words". This code - * uses (included via "sha1.h" to define 32 and 8 - * bit unsigned integer types. If your C compiler does not - * support 32 bit unsigned integers, this code is not - * appropriate. - * - * Caveats: - * SHA-1 is designed to work with messages less than 2^64 bits - * long. Although SHA-1 allows a message digest to be generated - * for messages of any number of bits less than 2^64, this - * implementation only works with messages with a length that is - * a multiple of the size of an 8-bit character. - * - */ - -#include "includes.h" - -#include "sha1.h" - -/* - * Define the SHA1 circular left shift macro - */ -#define SHA1CircularShift(bits,word) \ - (((word) << (bits)) | ((word) >> (32-(bits)))) - -/* Local Function Prototyptes */ -static void SHA1PadMessage(struct SHA1Context *); -static void SHA1ProcessMessageBlock(struct SHA1Context *); - -/* - * SHA1Init (SHA1Reset in the rfc) - * - * Description: - * This function will initialize the SHA1Context in preparation - * for computing a new SHA1 message digest. - * - * Parameters: - * context: [in/out] - * The context to reset. - * - * Returns: - * sha Error Code. - * - */ -int SHA1Init(struct SHA1Context *context) -{ - if (!context) - { - return shaNull; - } - - context->Length_Low = 0; - context->Length_High = 0; - context->Message_Block_Index = 0; - - context->Intermediate_Hash[0] = 0x67452301; - context->Intermediate_Hash[1] = 0xEFCDAB89; - context->Intermediate_Hash[2] = 0x98BADCFE; - context->Intermediate_Hash[3] = 0x10325476; - context->Intermediate_Hash[4] = 0xC3D2E1F0; - - context->Computed = 0; - context->Corrupted = 0; - - return shaSuccess; -} - -/* - * SHA1Final (SHA1Result in the rfc) - * - * Description: - * This function will return the 160-bit message digest into the - * Message_Digest array provided by the caller. - * NOTE: The first octet of hash is stored in the 0th element, - * the last octet of hash in the 19th element. - * - * Parameters: - * context: [in/out] - * The context to use to calculate the SHA-1 hash. - * Message_Digest: [out] - * Where the digest is returned. - * - * Returns: - * sha Error Code. - * - */ -int SHA1Final(uint8_t Message_Digest[SHA1HashSize], - struct SHA1Context *context) -{ - int i; - - if (!context || !Message_Digest) - { - return shaNull; - } - - if (context->Corrupted) - { - return context->Corrupted; - } - - if (!context->Computed) - { - SHA1PadMessage(context); - for(i=0; i<64; ++i) - { - /* message may be sensitive, clear it out */ - context->Message_Block[i] = 0; - } - context->Length_Low = 0; /* and clear length */ - context->Length_High = 0; - context->Computed = 1; - } - - for(i = 0; i < SHA1HashSize; ++i) - { - Message_Digest[i] = context->Intermediate_Hash[i>>2] - >> 8 * ( 3 - ( i & 0x03 ) ); - } - - return shaSuccess; -} - -/* - * SHA1Update (SHA1Input in the rfc) - * - * Description: - * This function accepts an array of octets as the next portion - * of the message. - * - * Parameters: - * context: [in/out] - * The SHA context to update - * message_array: [in] - * An array of characters representing the next portion of - * the message. - * length: [in] - * The length of the message in message_array - * - * Returns: - * sha Error Code. - * - */ -int SHA1Update(struct SHA1Context *context, - const uint8_t *message_array, - size_t length) -{ - if (!length) - { - return shaSuccess; - } - - if (!context || !message_array) - { - return shaNull; - } - - if (context->Computed) - { - context->Corrupted = shaStateError; - return shaStateError; - } - - if (context->Corrupted) - { - return context->Corrupted; - } - while(length-- && !context->Corrupted) - { - context->Message_Block[context->Message_Block_Index++] = - (*message_array & 0xFF); - - context->Length_Low += 8; - if (context->Length_Low == 0) - { - context->Length_High++; - if (context->Length_High == 0) - { - /* Message is too long */ - context->Corrupted = 1; - } - } - - if (context->Message_Block_Index == 64) - { - SHA1ProcessMessageBlock(context); - } - - message_array++; - } - - return shaSuccess; -} - -/* - * SHA1ProcessMessageBlock - * - * Description: - * This function will process the next 512 bits of the message - * stored in the Message_Block array. - * - * Parameters: - * None. - * - * Returns: - * Nothing. - * - * Comments: - * Many of the variable names in this code, especially the - * single character names, were used because those were the - * names used in the publication. - * - * - */ -static void SHA1ProcessMessageBlock(struct SHA1Context *context) -{ - const uint32_t K[] = { /* Constants defined in SHA-1 */ - 0x5A827999, - 0x6ED9EBA1, - 0x8F1BBCDC, - 0xCA62C1D6 - }; - int t; /* Loop counter */ - uint32_t temp; /* Temporary word value */ - uint32_t W[80]; /* Word sequence */ - uint32_t A, B, C, D, E; /* Word buffers */ - - /* - * Initialize the first 16 words in the array W - */ - for(t = 0; t < 16; t++) - { - W[t] = context->Message_Block[t * 4] << 24; - W[t] |= context->Message_Block[t * 4 + 1] << 16; - W[t] |= context->Message_Block[t * 4 + 2] << 8; - W[t] |= context->Message_Block[t * 4 + 3]; - } - - for(t = 16; t < 80; t++) - { - W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]); - } - - A = context->Intermediate_Hash[0]; - B = context->Intermediate_Hash[1]; - C = context->Intermediate_Hash[2]; - D = context->Intermediate_Hash[3]; - E = context->Intermediate_Hash[4]; - - for(t = 0; t < 20; t++) - { - temp = SHA1CircularShift(5,A) + - ((B & C) | ((~B) & D)) + E + W[t] + K[0]; - E = D; - D = C; - C = SHA1CircularShift(30,B); - B = A; - A = temp; - } - - for(t = 20; t < 40; t++) - { - temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1]; - E = D; - D = C; - C = SHA1CircularShift(30,B); - B = A; - A = temp; - } - - for(t = 40; t < 60; t++) - { - temp = SHA1CircularShift(5,A) + - ((B & C) | (B & D) | (C & D)) + E + W[t] + K[2]; - E = D; - D = C; - C = SHA1CircularShift(30,B); - B = A; - A = temp; - } - - for(t = 60; t < 80; t++) - { - temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3]; - E = D; - D = C; - C = SHA1CircularShift(30,B); - B = A; - A = temp; - } - - context->Intermediate_Hash[0] += A; - context->Intermediate_Hash[1] += B; - context->Intermediate_Hash[2] += C; - context->Intermediate_Hash[3] += D; - context->Intermediate_Hash[4] += E; - - context->Message_Block_Index = 0; -} - - -/* - * SHA1PadMessage - * - * Description: - * According to the standard, the message must be padded to an even - * 512 bits. The first padding bit must be a '1'. The last 64 - * bits represent the length of the original message. All bits in - * between should be 0. This function will pad the message - * according to those rules by filling the Message_Block array - * accordingly. It will also call the ProcessMessageBlock function - * provided appropriately. When it returns, it can be assumed that - * the message digest has been computed. - * - * Parameters: - * context: [in/out] - * The context to pad - * ProcessMessageBlock: [in] - * The appropriate SHA*ProcessMessageBlock function - * Returns: - * Nothing. - * - */ - -static void SHA1PadMessage(struct SHA1Context *context) -{ - /* - * Check to see if the current message block is too small to hold - * the initial padding bits and length. If so, we will pad the - * block, process it, and then continue padding into a second - * block. - */ - if (context->Message_Block_Index > 55) - { - context->Message_Block[context->Message_Block_Index++] = 0x80; - while(context->Message_Block_Index < 64) - { - context->Message_Block[context->Message_Block_Index++] = 0; - } - - SHA1ProcessMessageBlock(context); - - while(context->Message_Block_Index < 56) - { - context->Message_Block[context->Message_Block_Index++] = 0; - } - } - else - { - context->Message_Block[context->Message_Block_Index++] = 0x80; - while(context->Message_Block_Index < 56) - { - context->Message_Block[context->Message_Block_Index++] = 0; - } - } - - /* - * Store the message length as the last 8 octets - */ - context->Message_Block[56] = context->Length_High >> 24; - context->Message_Block[57] = context->Length_High >> 16; - context->Message_Block[58] = context->Length_High >> 8; - context->Message_Block[59] = context->Length_High; - context->Message_Block[60] = context->Length_Low >> 24; - context->Message_Block[61] = context->Length_Low >> 16; - context->Message_Block[62] = context->Length_Low >> 8; - context->Message_Block[63] = context->Length_Low; - - SHA1ProcessMessageBlock(context); -} diff --git a/source4/lib/crypto/sha1.h b/source4/lib/crypto/sha1.h deleted file mode 100644 index 4a2d448bfc..0000000000 --- a/source4/lib/crypto/sha1.h +++ /dev/null @@ -1,62 +0,0 @@ -/* - This file contains the reference implementation of SHA-1 - from http://www.ietf.org/rfc/rfc3174.txt -*/ -/* - * sha1.h - * - * Description: - * This is the header file for code which implements the Secure - * Hashing Algorithm 1 as defined in FIPS PUB 180-1 published - * April 17, 1995. - * - * Many of the variable names in this code, especially the - * single character names, were used because those were the names - * used in the publication. - * - * Please read the file sha1.c for more information. - * - */ -#ifndef _SHA1_H_ -#define _SHA1_H_ - -#ifndef _SHA_enum_ -#define _SHA_enum_ -enum -{ - shaSuccess = 0, - shaNull, /* Null pointer parameter */ - shaInputTooLong, /* input data too long */ - shaStateError /* called Input after Result */ -}; -#endif -#define SHA1HashSize 20 - -/* - * This structure will hold context information for the SHA-1 - * hashing operation - */ -struct SHA1Context -{ - uint32_t Intermediate_Hash[SHA1HashSize/4]; /* Message Digest */ - - uint32_t Length_Low; /* Message length in bits */ - uint32_t Length_High; /* Message length in bits */ - - /* Index into message block array */ - int16_t Message_Block_Index; - uint8_t Message_Block[64]; /* 512-bit message blocks */ - - int Computed; /* Is the digest computed? */ - int Corrupted; /* Is the message digest corrupted? */ -}; - -/* - * Function Prototypes - */ - -int SHA1Init(struct SHA1Context *); -int SHA1Update(struct SHA1Context *, const uint8_t *data, size_t data_len); -int SHA1Final(uint8_t Message_Digest[SHA1HashSize], struct SHA1Context *); - -#endif diff --git a/source4/lib/crypto/sha1test.c b/source4/lib/crypto/sha1test.c deleted file mode 100644 index 7777764277..0000000000 --- a/source4/lib/crypto/sha1test.c +++ /dev/null @@ -1,110 +0,0 @@ -/* - This file contains the reference implementation of SHA-1 - from http://www.ietf.org/rfc/rfc3174.txt -*/ -/* - * sha1test.c - * - * Description: - * This file will exercise the SHA-1 code performing the three - * tests documented in FIPS PUB 180-1 plus one which calls - * SHA1Input with an exact multiple of 512 bits, plus a few - * error test checks. - * - * Portability Issues: - * None. - * - */ - -#include "includes.h" -#include "torture/torture.h" - -#include "lib/crypto/crypto.h" - -struct torture_context; - -/* - * Define patterns for testing - */ -#define TEST1 "abc" -#define TEST2a "abcdbcdecdefdefgefghfghighijhi" -#define TEST2b "jkijkljklmklmnlmnomnopnopq" -#define TEST2 TEST2a TEST2b -#define TEST3 "a" -#define TEST4a "01234567012345670123456701234567" -#define TEST4b "01234567012345670123456701234567" - /* an exact multiple of 512 bits */ -#define TEST4 TEST4a TEST4b -static const char *testarray[4] = -{ - TEST1, - TEST2, - TEST3, - TEST4 -}; -static int repeatcount[4] = { 1, 1, 1000000, 10 }; -static const char *resultarray[4] = -{ - "A9 99 3E 36 47 06 81 6A BA 3E 25 71 78 50 C2 6C 9C D0 D8 9D ", - "84 98 3E 44 1C 3B D2 6E BA AE 4A A1 F9 51 29 E5 E5 46 70 F1 ", - "34 AA 97 3C D4 C4 DA A4 F6 1E EB 2B DB AD 27 31 65 34 01 6F ", - "DE A3 56 A2 CD DD 90 C7 A7 EC ED C5 EB B5 63 93 4F 46 04 52 " -}; - - -bool torture_local_crypto_sha1(struct torture_context *tctx) -{ - struct SHA1Context sha; - int i, j, err; - uint8_t Message_Digest[20]; - bool ret = true; - char tmp[60 + 10]; - - /* - * Perform SHA-1 tests - */ - for(j = 0; j < 4; ++j) - { - ZERO_STRUCT(tmp); - torture_comment(tctx, "Test %d: %d, '%s'\n", - j+1, - repeatcount[j], - testarray[j]); - - err = SHA1Init(&sha); - torture_assert_int_equal(tctx, err, 0, "SHA1Init Error"); - - for(i = 0; i < repeatcount[j]; ++i) - { - err = SHA1Update(&sha, - (const unsigned char *) testarray[j], - strlen(testarray[j])); - torture_assert_int_equal(tctx, err, 0, "SHA1Update Error"); - } - - err = SHA1Final(Message_Digest, &sha); - torture_assert_int_equal(tctx, err, 0, - "SHA1Result Error, could not compute message digest."); - torture_comment(tctx, "\t"); - for(i = 0; i < 20 ; ++i) - { - snprintf(tmp+(i*3), sizeof(tmp) - (i*3),"%02X ", Message_Digest[i]); - torture_comment(tctx, "%02X ", Message_Digest[i]); - } - torture_comment(tctx, "\n"); - torture_comment(tctx, "Should match:\n\t%s\n", resultarray[j]); - if (strcmp(resultarray[j], tmp) != 0) { - ret = false; - } - } - - /* Test some error returns */ - err = SHA1Update(&sha,(const unsigned char *) testarray[1], 1); - torture_assert_int_equal(tctx, err, shaStateError, "SHA1Update failed"); - err = SHA1Init(0); - torture_assert_int_equal(tctx, err, shaNull, "SHA1Init failed"); - - return true; -} - - -- cgit From 9cf72946aaf32d4335c8e59eb805844cadea76a8 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 4 Jun 2008 09:42:55 -0700 Subject: copied the Heimdal sha256 functions into lib/crypto to avoid a link error Hopefully we can remove this again later (This used to be commit fa2ecfea7a1acc388a86e8fba5b42df7925c9045) --- source4/lib/crypto/config.mk | 2 +- source4/lib/crypto/crypto.h | 2 +- source4/lib/crypto/hmacsha256.c | 1 - source4/lib/crypto/sha256.c | 234 ++++++++++++++++++++++++++++++++++++++++ source4/lib/crypto/sha256.h | 91 ++++++++++++++++ 5 files changed, 327 insertions(+), 3 deletions(-) create mode 100644 source4/lib/crypto/sha256.c create mode 100644 source4/lib/crypto/sha256.h (limited to 'source4/lib') diff --git a/source4/lib/crypto/config.mk b/source4/lib/crypto/config.mk index c35280abda..ee111bd088 100644 --- a/source4/lib/crypto/config.mk +++ b/source4/lib/crypto/config.mk @@ -6,7 +6,7 @@ LIBCRYPTO_OBJ_FILES = $(addprefix $(libcryptosrcdir)/, \ crc32.o md5.o hmacmd5.o md4.o \ - arcfour.o hmacsha256.o) + arcfour.o sha256.o hmacsha256.o) [MODULE::TORTURE_LIBCRYPTO] SUBSYSTEM = smbtorture diff --git a/source4/lib/crypto/crypto.h b/source4/lib/crypto/crypto.h index 54a4482325..fc283f72ba 100644 --- a/source4/lib/crypto/crypto.h +++ b/source4/lib/crypto/crypto.h @@ -21,7 +21,7 @@ #include "lib/crypto/md4.h" #include "lib/crypto/md5.h" #include "lib/crypto/hmacmd5.h" -#include "heimdal/lib/hcrypto/sha.h" +#include "lib/crypto/sha256.h" #include "lib/crypto/hmacsha256.h" struct arcfour_state { diff --git a/source4/lib/crypto/hmacsha256.c b/source4/lib/crypto/hmacsha256.c index 5503bdd59b..6b0af9ee83 100644 --- a/source4/lib/crypto/hmacsha256.c +++ b/source4/lib/crypto/hmacsha256.c @@ -28,7 +28,6 @@ #include "includes.h" #include "lib/crypto/crypto.h" -#include "heimdal/lib/hcrypto/sha.h" /*********************************************************************** the rfc 2104/2202 version of hmac_sha256 initialisation. diff --git a/source4/lib/crypto/sha256.c b/source4/lib/crypto/sha256.c new file mode 100644 index 0000000000..70fe7a3099 --- /dev/null +++ b/source4/lib/crypto/sha256.c @@ -0,0 +1,234 @@ +/* + based on heildal lib/hcrypto/sha256.c. Copied to lib/crypto to avoid a link + problem. Hopefully will be removed once we solve this link problem + + (tridge) + */ + +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "includes.h" +#include "heimdal/lib/hcrypto/hash.h" +#include "sha256.h" + +#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) +#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) + +#define ROTR(x,n) (((x)>>(n)) | ((x) << (32 - (n)))) + +#define Sigma0(x) (ROTR(x,2) ^ ROTR(x,13) ^ ROTR(x,22)) +#define Sigma1(x) (ROTR(x,6) ^ ROTR(x,11) ^ ROTR(x,25)) +#define sigma0(x) (ROTR(x,7) ^ ROTR(x,18) ^ ((x)>>3)) +#define sigma1(x) (ROTR(x,17) ^ ROTR(x,19) ^ ((x)>>10)) + +#define A m->counter[0] +#define B m->counter[1] +#define C m->counter[2] +#define D m->counter[3] +#define E m->counter[4] +#define F m->counter[5] +#define G m->counter[6] +#define H m->counter[7] + +static const uint32_t constant_256[64] = { + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, + 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, + 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, + 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, + 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, + 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, + 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, + 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, + 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 +}; + +void +SHA256_Init (SHA256_CTX *m) +{ + m->sz[0] = 0; + m->sz[1] = 0; + A = 0x6a09e667; + B = 0xbb67ae85; + C = 0x3c6ef372; + D = 0xa54ff53a; + E = 0x510e527f; + F = 0x9b05688c; + G = 0x1f83d9ab; + H = 0x5be0cd19; +} + +static void +calc (SHA256_CTX *m, uint32_t *in) +{ + uint32_t AA, BB, CC, DD, EE, FF, GG, HH; + uint32_t data[64]; + int i; + + AA = A; + BB = B; + CC = C; + DD = D; + EE = E; + FF = F; + GG = G; + HH = H; + + for (i = 0; i < 16; ++i) + data[i] = in[i]; + for (i = 16; i < 64; ++i) + data[i] = sigma1(data[i-2]) + data[i-7] + + sigma0(data[i-15]) + data[i - 16]; + + for (i = 0; i < 64; i++) { + uint32_t T1, T2; + + T1 = HH + Sigma1(EE) + Ch(EE, FF, GG) + constant_256[i] + data[i]; + T2 = Sigma0(AA) + Maj(AA,BB,CC); + + HH = GG; + GG = FF; + FF = EE; + EE = DD + T1; + DD = CC; + CC = BB; + BB = AA; + AA = T1 + T2; + } + + A += AA; + B += BB; + C += CC; + D += DD; + E += EE; + F += FF; + G += GG; + H += HH; +} + +/* + * From `Performance analysis of MD5' by Joseph D. Touch + */ + +#if !defined(WORDS_BIGENDIAN) || defined(_CRAY) +static inline uint32_t +swap_uint32_t (uint32_t t) +{ + uint32_t temp1, temp2; + + temp1 = cshift(t, 16); + temp2 = temp1 >> 8; + temp1 &= 0x00ff00ff; + temp2 &= 0x00ff00ff; + temp1 <<= 8; + return temp1 | temp2; +} +#endif + +struct x32{ + unsigned int a:32; + unsigned int b:32; +}; + +void +SHA256_Update (SHA256_CTX *m, const void *v, size_t len) +{ + const unsigned char *p = v; + size_t old_sz = m->sz[0]; + size_t offset; + + m->sz[0] += len * 8; + if (m->sz[0] < old_sz) + ++m->sz[1]; + offset = (old_sz / 8) % 64; + while(len > 0){ + size_t l = min(len, 64 - offset); + memcpy(m->save + offset, p, l); + offset += l; + p += l; + len -= l; + if(offset == 64){ +#if !defined(WORDS_BIGENDIAN) || defined(_CRAY) + int i; + uint32_t current[16]; + struct x32 *u = (struct x32*)m->save; + for(i = 0; i < 8; i++){ + current[2*i+0] = swap_uint32_t(u[i].a); + current[2*i+1] = swap_uint32_t(u[i].b); + } + calc(m, current); +#else + calc(m, (uint32_t*)m->save); +#endif + offset = 0; + } + } +} + +void +SHA256_Final (void *res, SHA256_CTX *m) +{ + unsigned char zeros[72]; + unsigned offset = (m->sz[0] / 8) % 64; + unsigned int dstart = (120 - offset - 1) % 64 + 1; + + *zeros = 0x80; + memset (zeros + 1, 0, sizeof(zeros) - 1); + zeros[dstart+7] = (m->sz[0] >> 0) & 0xff; + zeros[dstart+6] = (m->sz[0] >> 8) & 0xff; + zeros[dstart+5] = (m->sz[0] >> 16) & 0xff; + zeros[dstart+4] = (m->sz[0] >> 24) & 0xff; + zeros[dstart+3] = (m->sz[1] >> 0) & 0xff; + zeros[dstart+2] = (m->sz[1] >> 8) & 0xff; + zeros[dstart+1] = (m->sz[1] >> 16) & 0xff; + zeros[dstart+0] = (m->sz[1] >> 24) & 0xff; + SHA256_Update (m, zeros, dstart + 8); + { + int i; + unsigned char *r = (unsigned char*)res; + + for (i = 0; i < 8; ++i) { + r[4*i+3] = m->counter[i] & 0xFF; + r[4*i+2] = (m->counter[i] >> 8) & 0xFF; + r[4*i+1] = (m->counter[i] >> 16) & 0xFF; + r[4*i] = (m->counter[i] >> 24) & 0xFF; + } + } +} diff --git a/source4/lib/crypto/sha256.h b/source4/lib/crypto/sha256.h new file mode 100644 index 0000000000..4a5f2cbe94 --- /dev/null +++ b/source4/lib/crypto/sha256.h @@ -0,0 +1,91 @@ +/* + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: sha.h 17450 2006-05-05 11:11:43Z lha $ */ + +#ifndef HEIM_SHA_H +/* + based on heildal lib/hcrypto/sha.h. Copied to lib/crypto to avoid a link + problem. Hopefully will be removed once we solve this link problem + + (tridge) + */ +#define HEIM_SHA_H 1 + +#if 0 +/* symbol renaming */ +#define SHA1_Init hc_SHA1_Init +#define SHA1_Update hc_SHA1_Update +#define SHA1_Final hc_SHA1_Final +#define SHA256_Init hc_SHA256_Init +#define SHA256_Update hc_SHA256_Update +#define SHA256_Final hc_SHA256_Final +#endif + +/* + * SHA-1 + */ + +#define SHA_DIGEST_LENGTH 20 + +struct sha { + unsigned int sz[2]; + uint32_t counter[5]; + unsigned char save[64]; +}; + +typedef struct sha SHA_CTX; + +void SHA1_Init (struct sha *m); +void SHA1_Update (struct sha *m, const void *v, size_t len); +void SHA1_Final (void *res, struct sha *m); + +/* + * SHA-2 256 + */ + +#define SHA256_DIGEST_LENGTH 32 + +struct hc_sha256state { + unsigned int sz[2]; + uint32_t counter[8]; + unsigned char save[64]; +}; + +typedef struct hc_sha256state SHA256_CTX; + +void SHA256_Init (SHA256_CTX *); +void SHA256_Update (SHA256_CTX *, const void *, size_t); +void SHA256_Final (void *, SHA256_CTX *); + +#endif /* HEIM_SHA_H */ -- cgit